Ask Slashdot: Rescuing a PC That's Been Hit By Scammers?
New submitter malcus writes "My father was hit by scammers the other day and even though he has handed over all computer service tasks to me they were able to sweet-talk him into: (1) Running some 'checks' to confirm the 'grave situation' that his computer was heading for (bad). (2) Starting some remote-control program (worse). (3) Giving them his social security number (terrible). When they asked him for his credit card information he stopped and is now probably expecting them to call again. Meanwhile I have told him to dump the computer in holy water or aqua regia and cut the internet cable. I am heading over to his place later and wonder what measures I should take."
Just the obvious (Score:5, Insightful)
Bow your head and type "Format C:" Amen.
Re:Just the obvious (Score:5, Informative)
The 'hurt' caused by the loss of data might also shock him up enough to be more careful.
Re: (Score:3)
Re:Just the obvious (Score:5, Insightful)
Re: (Score:3)
Re: (Score:3, Interesting)
I moved to open source so I would not have to pirate software any more. Since I am not an autocad user and GIMP meets my needs, I don't need photoshop.
I move other people to open source so I don't have to pirate software for them.
People don't make recovery disk sets. They lose the CDs/DVDs they do have. They "borrow" software from friends, family and work to install on their computer. Once the computer is riddled with spyware and a nuke and pave is the only way to fix it they have a few choices
1. Provide m
Re: (Score:2)
Win-Win Situation!
Re:Just the obvious (Score:5, Informative)
Yes, but make sure you back up any photos and other irreplaceable bits of information first!
Do not back up anything that's executable though.
Re: (Score:2)
This. Also write down other software installed and any registration codes to make it all marginally less a pain in the ass. Most will show IDs on the about box or some licensing/registration menu item.
I haven't had to reinstall the OS of my new Win7 comp, a couple of years old, but I switched to Chrome as IE was dead center as a hacker target.
Re: (Score:3)
Yes, but make sure you back up any photos and other irreplaceable bits of information first!
Do not back up anything that's executable though.
Photos, unfortunately, have been used as re-infection vectors.
The only sure bet is a 10-lb sledgehammer applied until the machine is completely flattened. Then nuke it from orbit, just in case.
Unfortunately, however, the worst of the damage isn't in the computer, it was leaked out onto the Internet. Including, but not restricted to, the SSN. Good luck with that.
Re: (Score:2)
Run all JPEGs through jpegtran (Score:3)
Photos, unfortunately, have been used as re-infection vectors.
I imagine that passing a JPEG photo through jpegtran [wikipedia.org], a tool for lossless rotation, flipping, and remultiplexing of JPEG images, would strip out any format oddities through which a photo file can reinfect a computer. What viruses are you talking about that reinfect a host through JPEG images, and did the reinfection vectors survive jpegtran?
Re:Just the obvious (Score:4, Insightful)
I would also suggest switching Dad to Linux. While not totally immune to attack, whatever the scammers had him do would probably have had no effect on Linux if the steps could even be duplicated on a Linux box.
The post about contacting the FBI is also a good one. Find out if they are interested in any forensics BEFORE wiping the OS.
Re: (Score:3)
Do not back up anything that's executable though.
1. Image the drive.
2. Plug it into a good Linux system.
3. Only mount it in a VM or booted off ROM (Live CD/DVD).
4. Profit...errrr...have fun.
First rule of any damaged system: image it. You've got a copy of everything. If you don't boot the drive or run any software on it, it can't hurt you. If you mount it in a VM you can even enable/disable the network interface at will. Might be fun to backtrack the scammers and mess with 'em.
Backing up (Score:3)
Re:Just the obvious (Score:5, Informative)
That's definitely the first thing he needs to do, but there's more besides:
1) Change all passwords. Either do it from a different PC or from that PC AFTER it has been wiped and confirmed clean.
2) Get a few credit checks over the next few months. Depending on how much information the father has actually given away (and it may be more than he's willing to admit), he may have given the scammers enough to do a thorough identity theft job on him. Picking up any attempts at this as early as possible will be important.
3) Some urgent parental re-education. Using a stout stick if necessary.
Oh, and when going to do the disinfection, if you're taking a personal machine with you, make damned sure before you go that it is NOT set to automatically connect to wireless networks. I got stung with this one a few weeks ago when disinfecting an uncle's PC.
He'd picked up one of those ransomware fake-AV trojans that basically renders Windows unusable. I'd figured it was going to be a wipe-and-reinstall job (which indeed it was), but had taken an old laptop with me in case I needed a "clean" PC for anything. This laptop had been my secondary PC until I replaced it with an iPad and I was going to use my trip "up north" as an opportunity to hand it over to the parents, who would make more use of it than I would. It'd just been flattened itself and had a fresh (though updated) Vista install on it. It also has a network share on it, that I'd used to copy a few drivers and other files over from my desktop to save redownloading them.
Anyway, like a fool I boot the thing up as soon as I get in there, forgetting two important things:
1) The laptop will default to connecting to any wireless network it can find and get onto; and
2) My uncle, being a complete idiot, has an unsecured wireless network.
So the laptop connects immediately to his wireless network - and gets infected within seconds by the trojan on his PC via the open network share. Fortunately, I had the Vista disc with me to do an immediate wipe and reinstall on the laptop as well, but it was still frustrating.
Re:Just the obvious (Score:4, Informative)
Re:Just the obvious (Score:5, Interesting)
THIS!! Which is why the laptop I take for these kinds of 911 calls to gullible relatives/friends whose Windows machines have been screwed up by malware is a Linux machine. I'm the de facto tech support for my church/neighborhood. I've had several "clients" who are the typical "click on EVERYTHING" types, and who would call frequently when their machines got so slow that they couldn't do anything.. In the first case, the machine was so hosed that only a clean reinstall of Windows would be effective. But of course the owner didn't have the recovery disks for XP. The machine maxed out at 2GB, so getting the user to buy Win7 was a non-starter. To save the day, I loaded an Ubuntu LiveCD and showed what Ubuntu looked like, and asked "Can you live with that??" with an unspoken "You have no choice..".. The user said "whatever you say, I gotta have my computer!!".. So I backed up the docs to a USB drive via the LiveCD, and wiped/installed Ubuntu.. After a couple of calls from the user, saying "how do I do X??", I'm not hearing much from her anymore. As far as I know she still clicks on everything in sight, but I've not gotten any more "my computer's slow" issues. In fact, her husband, once he saw how well Ubuntu worked, wanted to be "upgraded" to Ubuntu, and now he's a happy camper.. Word has spread, and I'm doing a fair number of these "upgrades"... Still using 10.04, as I'm still trying to decide if MATE or Cinnamon OR X/Lubuntu is the best way to replace Unity on 12.04..
MATE or Cinnamon OR X/Lubuntu (Score:2)
Lubuntu, thanks!
Re:MATE or Cinnamon OR X/Lubuntu (Score:4, Interesting)
I really enjoy my Zorin Linux distribution. It's so Window-like that there's almost no cognitive friction in switching. Comes with Wine pre-installed too, if for some reason, running a windows app is absolutely necessary.
Re:Just the obvious (Score:4, Informative)
I did much the same for my father. He was continually getting his Windows PC totally overloaded with malware (possibly assisted by grandsons from another branch of the family who liked to play on it).
After recovering it a couple of times I simply scrubbed it and installed Debian. It does everything he needs and has reduced the support calls to pretty much nothing.
He is quite unaware of what operating system he is using - he just needs to be able to access the web, read his e-mails and write some letters.
Re: (Score:3)
2) Get a few credit checks over the next few months. Depending on how much information the father has actually given away (and it may be more than he's willing to admit), he may have given the scammers enough to do a thorough identity theft job on him. Picking up any attempts at this as early as possible will be important.
This, and even more proactive, call the three credit reporting agencies and ask for a fraud alert to be attached to the name/SSN. This makes anyone trying to get credit have to jump through some more hoops - some difficult or impossible (without removal of the fraud alert first). It'll make obtaining new credit for your father a big headache (although he should already be pretty established there), but could make credit a non-starter for an ID thief.
Re:Just the obvious (Score:5, Informative)
Re: (Score:2)
Neither, really. By my own admission, I'd not done as much to protect the machine as I could have done. A Windows 7 machine which had been run through windows update to ensure that it picked up every last security update and which had proper AV software installed would probably have had a better chance than something in default configuration with a single hurried pass through Windows Update.
If you think back to the history of Windows Updates during the lifespan of Vista, there were a lot of updates pushed o
Re: (Score:3)
Re: (Score:2)
Re:Just the obvious (Score:5, Informative)
Yank the HD.
Slave it to another machine.
Save what you need to.
Format it.
Toss it back into the original machine.
If he can handle it, install your favorite flavor of linux. If not, reinstall windows.
Make sure his account lacks the privileges to get into that much trouble in the future.
Start researching identity theft countermeasures.
Re: (Score:3)
Before anyone takes your advice as a solid plan, just remember that formatting doesn't touch the MBR, which for a few years has been a favorite place to hide out for viruses.
dd if=/dev/zero of=/dev/sda bs=512 count=1
Will handily wipe out your bootsector (including, I believe, your partition table, so make a backup before running this).
Alternatively, if you want to try disinfecting, you can re-write it using the program "ms-sys", which I believe is on sourceforge and can rewrite a Windows MBR. Generally fixing the MBR is going to be necessary before
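The image-first advice earlier in this thread and the dd boot-sector wipe in this comment, carried through as one added shell example (not from the thread or any poster): it images a drive sector by sector, verifies the copy by hash, checks whether sector 0 still carries a boot signature, zeroes only that sector, and shows a read-only, no-exec loop mount of the image. It assumes GNU coreutils (dd, od, sha256sum) and a classic MBR layout whose first partition starts at sector 2048; every path is a placeholder, and the functions take any path, so they can be exercised on a regular file before being pointed at a pulled drive as root.

```shell
#!/bin/sh
# Added example, not from the thread: image a suspect drive, verify the copy, and
# inspect or zero its first sector (boot code + partition table) without executing
# anything from it. /dev/sdX stands for the pulled drive; all paths are placeholders.
set -u

hash_of() {   # SHA-256 of a file, whichever tool the host has
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1"; else shasum -a 256 "$1"; fi | cut -d' ' -f1
}

# image_device SRC DEST: sector-sized copy that keeps going past read errors and pads
# unreadable sectors with zeros so offsets in the image still match the source
image_device() {
    dd if="$1" of="$2" bs=512 conv=noerror,sync 2>/dev/null
}

# verify_image SRC DEST: succeeds only if both hash identically
verify_image() {
    [ "$(hash_of "$1")" = "$(hash_of "$2")" ]
}

# has_mbr_signature PATH: bytes 510-511 are 55 AA, i.e. a BIOS would try to boot it
has_mbr_signature() {
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null | od -An -tx1 | tr -d ' \n')
    [ "$sig" = "55aa" ]
}

# boot_sector_is_zero PATH: every byte of the first 512 is zero
boot_sector_is_zero() {
    [ -z "$(dd if="$1" bs=512 count=1 2>/dev/null | od -An -v -tx1 | tr -d ' \n0')" ]
}

# wipe_boot_sector PATH: zero sector 0 only (boot code and partition table);
# conv=notrunc keeps a file image at its size and is harmless on a block device
wipe_boot_sector() {
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

# mount_image_readonly IMAGE DIR (root only): loop-mount the first partition read-only
# with noexec,nodev,nosuid so nothing on it can run; assumes the partition starts at
# sector 2048 (check with 'fdisk -l IMAGE' and adjust the offset)
mount_image_readonly() {
    mount -o ro,loop,noexec,nodev,nosuid,offset=$((2048 * 512)) "$1" "$2"
}

# make_sample_image PATH: constructed 8-sector stand-in for a drive, with fake boot
# code and a 55 AA signature in sector 0 and some "user data" further in
make_sample_image() {
    dd if=/dev/zero of="$1" bs=512 count=8 2>/dev/null
    printf 'constructed boot code' | dd of="$1" bs=1 conv=notrunc 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    printf 'user data lives in later sectors' | dd of="$1" bs=1 seek=1024 conv=notrunc 2>/dev/null
}

if [ "${1:-}" = "--demo" ]; then   # sh this_script.sh --demo
    tmp=$(mktemp -d)
    make_sample_image "$tmp/drive"
    image_device "$tmp/drive" "$tmp/drive.img"
    verify_image "$tmp/drive" "$tmp/drive.img" && echo "image verified: $(hash_of "$tmp/drive.img")"
    has_mbr_signature "$tmp/drive.img" && echo "sector 0 carries a boot signature"
    wipe_boot_sector "$tmp/drive.img"
    boot_sector_is_zero "$tmp/drive.img" && echo "sector 0 zeroed, later sectors untouched"
    rm -rf "$tmp"
fi
```

Work on the image, never on the original drive, and keep the original's hash so you can prove the copy was never altered; the one-sector wipe is the minimal version of the commenter's dd line, while a full zeroing of the device (`dd if=/dev/zero of=/dev/sdX bs=1M`) is what you run once nothing on the drive is needed.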
Re:Just the obvious - WRONG ORDER (Score:5, Insightful)
The blatant identity theft is a ticking time bomb that will not be easy or painless to redress (especially for someone who readily handed over an SSN for ANY reason)....
The computer can sit there (off) just fine while you stop the bleeding.
1. OBVIOUSLY keep computer not only offline but OFF & OFF-SITE (who knows what he might try to do with it).
2. HELP YOUR FATHER start protecting himself with his....
3. banks....
4.
5.
6.
30. THEN look into addressing the computer problems.
Car analogy:
"My father hit a tree at 50 miles an hour and appears to have a broken collarbone and a punctured lung.... I'm heading over to investigate... Does anyone know if I can use my own AAA membership to get the car towed or should I have my own mechanic work on repairing the vehicle's front end?"
Re: (Score:2)
Re:Just the obvious (Score:5, Informative)
Bow your head and type "Format C:" Amen.
Even better ... make him buy a new hard disk, that way you can be sure that:
a) He spends some money (more likely to pay attention in the future).
b) You didn't lose any data files - they're all on the old disk somewhere.
Re: (Score:3)
b) You didn't lose any data files - they're all on the old disk somewhere.
Just sitting there waiting to reinfect the new machine.
Re: (Score:3)
That's no longer enough. Formatting targets the partition; modern threats target the bootsector. Using dd or gparted to wipe out the MBR may be necessary at this point, as may reflashing the BIOS.
That's assuming, of course, that you want to have any confidence in the computer ever again.
Wipe and reinstall. (Score:4, Informative)
Same as for any other compromised machine.
Re: (Score:3)
No, a full repartition would not. The bootsector is not in "formattable" space. Formatting refers to the process of creating a partition with a filesystem; I'm talking about the segment of the drive where the partition table and the boot instructions reside, which formatting won't generally see as a valid target.
Re: (Score:3)
It is an unsafe assumption to make. It is entirely possible to do a windows reinstall and continue to have a bootsector rootkit.
But hey, why spend the extra 5 minutes of ensuring you have a clean bootsector, when you can live with years of uncertainty about whether your computer is clean?
Re: (Score:3)
Well, for one thing I didn't say *anything* about Windows - I haven't a clue what Windows does because I haven't used it.
If you wipe the drive with some drive-wiping software, it's a pretty reasonable assumption that it will wipe every sector that is physically writeable.
More Information. (Score:3)
Re: (Score:2)
I'd also change passwords on any sites he was using, especially ones that store credit card details etc.
Format and reinstall (Score:2)
What else were you expecting?
Re: (Score:3)
What else were you expecting?
Probably, "as of August 2012 the best forensic analysis boot disk/usb image is ..." and the URL of a web page at SS.gov or maybe some consumer organization most likely titled something like "Your SS number is now public knowledge... what should you do now?"
Some anecdotes of what someone has RECENTLY found in a forensic analysis of something owned like this might be interesting, although not terribly useful.
Re:Format and reinstall (Score:5, Insightful)
As someone who does forensic analysis, no, the thing you want to do is not tell an untrained amateur how to try to do it, point them at tools, and hope for the best. It's actually time consuming and can be hard. By far the simplest solution is wipe and reinstall. If you want an actual forensic analysis done, unplug the network cable, step away and DO NOT TOUCH THE BOX AGAIN! Then call a pro.
Re: (Score:2)
Victim's father is not accused of a crime here (unless the scammer also dumped some kiddy porn on the disk..), so "preserving the chain of evidence" is not a necessity here.
And preserving evidence in order to haul the scammer into court is not necessary as well, because:
Re: (Score:2)
It's actually time consuming and can be hard.
Sounds like the definition of a hobby. I'd strongly suggest OP poke around for fun, but no one wants to help him by telling him "the best free downloadable forensics boot disk as of aug 2012 is ...". At most all it'll cost is a blank cdrom disk or unimaginably if he has no spare flash drives laying around it might be $5 at walgreens for a small one. I'm assuming OP is not going to send his dad an itemized hourly bill of his work, so if he Fs around for a couple hours before the reinstall no one is "losin
Re: (Score:2)
Your points about the SSN and identify theft are spot on, but for the PC itself it just doesn't make sense in a risk/cost vs reward context for an amateur to try and salvage an infected PC. It'll take hours at least and most importantly, you'll never really know if the machine is clean or not. Any machine that I know has been compromised is treated as compromised until it gets a full wipe, no matter how much effort I put into clearing the infection.
For my 2 cents: Boot from disk into a flavor of Linux th
Re: (Score:2)
Reflash the bios.
BIOS Trojans are evil and bad.
Have some fun with them (Score:2)
Install a VM with a godawfully infected version of Windows 98 on it and turn them loose on it... for the lulz.
Re: (Score:3)
Re: (Score:2)
I'm 99% sure that the OP will argue that his father needs/wants Windows and can not use Linux for x reasons.
Disclaimer: Installing Ubuntu worked for my father.
Re: (Score:2)
oddly enough (Score:5, Informative)
Victims are stuck cleaning up the mess. (Score:5, Informative)
What many of these scammers do is surf the hard drive for login information for financial institutions, bank and credit card numbers, and anything else they can get to commit financial fraud.
Call and write letters to the credit bureaus, your banks, and every other financial institution one does business with.
And keep a sharp eye out for shenanigans and don't pay any bill that's not yours.
File a police report. The cops won't do anything, but at least you'll have something to fax the debt collectors who may be calling.
It sucks but it's up to the victim to clear their name as best as they can.
The banks and other financial institutions just write off any losses and pass on the costs to the rest of us in the form of higher and more fees.
The other thing they do with the information is create phoney IDs for illegals, get medical care for folks who can't pay, and various other things that require an ID - all in the victim's name and SSN. Folks have been arrested in the past because of someone else using their identity to commit a crime, the warrant goes out, and then the victim gets their license plate scanned by a cop, pulled over and taken to jail.
Have fun with that.
This is why backups exist. (Score:3)
This is why you have backups. Reinstall the OS, restore your backups and do not give him an administrator account this time.
Re:This is why backups exist. (Score:5, Insightful)
everyone wants restore, no one makes backups...
Re: (Score:2)
Then when they lose their data they learn a valuable lesson. That is how life works, kids: test first, lesson after.
Password resets (Score:3)
Get him to change all of his passwords, especially banking passwords. Preferably from a network that hasn't seen the computer in question (and of course not on that machine). You know that they've executed foreign code, you have to assume that the machine is pretty much forever compromised.
Back it up and nuke it! Then scan the backup. (Score:2)
Re:Back it up and nuke it! Then scan the backup. (Score:4, Informative)
Given the price of drives and the rate of change, you're better off just buying a new $50 drive and upgrading him. Then take the old drive, stick it in an external enclosure, and play around with it on a linux host. Unless his old PC is so old it can't be easily upgraded. Can you still buy PATA from retail stores or is it all SATA now, for example?
Re: (Score:2)
You can buy pata, but the markup is enough to cover the cost of a pci sata card in many cases.
Re: (Score:2)
I second this. Just get another drive and start from scratch on that drive. If you need any data from the old drive, do it on an isolated computer on a different, non-standard OS (*BSD or *nix) to prevent cross contamination. I would also reapply BIOS in case they found a way to infect it.
Re: (Score:2)
I would also reapply BIOS in case they found a way to infect it.
Like I said, look at it as an upgrade opportunity. May as well stick the latest bios version on there, if you're coming over to fool with the computer anyway.
The part I don't get is I haven't BIOS upgraded anything in a while, but the board makers fixation used to be only providing a windows app to flash. So you can't install windows or it'll get owned by the flash but you can't upload the flash without installing windows. I'd hope all mfgrs would distribute freedos bootable cdrom/usb images with the boo
Re: (Score:2)
A stern son-to-father lecture (Score:4, Insightful)
Re: (Score:2)
If the problem persists and is not secondary to a rogue program/daemon get a 3.5 ft (approx. 1 meter) length of sucker rod* and have a chat with the user in question.
Sucker rod def. — 3/4, 7/8 or 1in. hardened steel rod, male threaded on each end. Primary use in the oil industry in Western North Dakota and other locations to pump 'suck' oil from oil wells. Secondary uses are for the construction of cattle feed lots and for dealing with the occasional recalcitrant or belligerent individual.
Re: (Score:3)
Re:A stern son-to-father lecture (Score:4, Insightful)
Re: (Score:3)
Nuke the site from orbit (Score:5, Funny)
Wipe, reinstall, serious talk about his finances (Score:5, Insightful)
Everybody's going to tell you the obvious right answer. You wipe the box and start over with a clean install, fully patched, with a firewall and AV. Anything less is really just asking for whatever happens next.
Subsequent to that, you need to have a serious talk with your dad about sharing control over his finances with someone trustworthy (you, maybe). If he's handing out his social security number to any random nutjob who calls him, he's going to give away his life savings to some scammer someday. The time to prevent that is now, not later. I am seriously planning to do that myself, that is put something in place so that when (not if) I'm no longer competent to handle my own affairs, my kids will have the legal ability to seamlessly keep me from bankrupting myself. I have decades before this needs to happen, but the time to do it is when you are of sound, not failing, mind.
I'd also look into putting a fraud warning on his credit report with all three credit bureaus. I'm not going to pretend that's something I know much about, so research it and confirm for yourself what good it will do and what harm before you act. I do think you want to limit the ability of any random goofball who knows your dad's SSN and name from opening credit in his name.
Re: (Score:3)
Yes, the computer is the smallest problem (Score:5, Informative)
After you call your bank (including any banks you have loans/credit cards/ with) and let them know what happened, do this:
(stolen shamelessly from usbank's website)
1. Call the major credit bureaus:
Equifax: 800-525-6285 or equifax.com
Experian: 888-397-3742 or experian.com
TransUnion: 800-680-7289 or transunion.com
First, ask that they place a “fraud alert” on your credit file. A fraud alert prevents creditors from changing your accounts – or opening new ones in your name – without proper verification. Then, request a free copy of your credit report. If you see any additional signs of fraud, notify the credit bureau and the creditors whose accounts are affected. After the disputed transactions are resolved, request another copy of your credit report to make sure your file has been updated.
2. Call your other creditors – including your phone and utility companies – and let them know that you’ve been a victim of fraud. Close any accounts that may have been compromised. As a precaution, consider resetting all of your passwords.
3. Inform check security companies about the fraud:
National Check Fraud Center 843-571-2153
SCAN 800-262-7771
TeleCheck 800-710-9898
CrossCheck 707-586-0551
Equifax Check Systems 800-437-5120
International Check Services 800-526-5380
Chexsystems 800-428-9623
CheckRite 800-466-2748
4. File a police report if you think your personal information (driver’s license, address) has been compromised or stolen.
5. Call the Federal Trade Commission (FTC) identity theft hotline at 877-438-4338, or file your complaint online at ftc.gov.
6. Be vigilant, patient and persistent. It can take weeks — or even months — to resolve identity theft. Keep a close eye on all of your statements, review your credit reports regularly, and immediately report any discrepancies.
Why so paranoid? Because with nothing more than your SSN and Address, the bad guys can see your free credit report and know about *every line of credit you have*.
The race is on; here comes Pride in the back stretch.
Disconnect PC from the internet, get him an iPad (Score:3)
Disconnect the PC from the internet, so it's only useful for Word/Excel and maybe Turbotax.
Get him an iPad for day-to-day web surfing.
Unless he's a real gamer or his bank is from the 19th century, this should solve most of his problems.
obvious (Score:4, Informative)
So, reset all passwords for all significant accounts, add a fraud alert to his credit report or add a third party lockdown solution like Lifelock (even though I hate them) and you should be set.
Apart from the above suggestions to Wipe & Rei (Score:2)
Is there a reason your father MUST be on Windows? Is he primarily browsing and using office productivity applications? If he does not have specific requirements (such as gaming, high end graphics/video production, etc) then he should not be running Windows to begin with.
Get thee to Linux Mint, good sir, and do have that son to father talk regardless. Giving out personal info to strangers is insane.
Install Ubuntu (Score:3)
Kill it with fire (Score:3)
Failing that, you need to treat the entire system as compromised, because it probably is. Do the following:
Bring a Linux live CD and an external hard drive. Boot ONLY into Linux, copy necessary files (documents, photos) over to the external hard drive.
Wipe the computer and reinstall everything from scratch. EVERYTHING. DBAN is your friend here. In fact, if he needs a bigger hard drive anyways, do that - just get a completely new hard drive.
Restore his data files from the backup you just made.
Yes, it's a pain, but at this point the system could contain something that anything short of this wouldn't clear out. (In fact, it's *possible* for malware to make it through even that, but AFAIK those are still just research demos, not in the wild).
Terminate With Extreme Prejudice (Score:2)
Boot From System Recovery Disk
Backup data files to DVD
Reinstall BIOS
NUKE MBR
Zero the hard drive
Reinstall everything.
-or-
Boot From System Recovery Disk
Backup data files to DVD
Zero Hard Drive
Put Computer in Trash
1. remove hard drive, boot from optical (Score:2)
2. Have him save all his data to a cloud service.
3. As for the data on the hard drive, consider it all suspect. Only read it on a readonly environment such as Knoppix or other live Linux CD. I'm sure there are online virus scanners out there (Panda was one I used a couple times several years ago - are they still going?) that can be used to scan individual files, which can then be moved to flash or online storage.
4. Microsoft Windows should be considered a niche platform.
Re: (Score:2)
2. Have him save all his data to a cloud service.
Has anyone heard of "cloud services" being used as a vector for computer virus infection?
I wouldn't let an infected machine access the Internet at all, let alone a password-protected service.
Use offline Windows Defender USB/CD (Score:2)
Remove dad's admin privs (Score:2)
Lots of good advice so far, but one more item -- since your father has turned sysadmin tasks over to you, once you wipe and re-install, set up his account on the computer so that it is a restricted user account, not an admin account. If he isn't doing sysadmin tasks then he doesn't need the privs and this limits the amount of damage that a scammer can do to the computer. (Although getting his SSN and other info is still really bad.)
--Paul
credit freeze (Score:2, Informative)
I can't believe no one has recommended a credit freeze:
http://en.wikipedia.org/wiki/Credit_freeze
gave them his ssn? (Score:5, Informative)
really? And you're worried primarily about the state of his computer?
He should be spending some time on the phone with his credit card companies making sure any security features they offer are fully activated, such as enhanced (not easily guessed based on what was on his computer) security questions, subscribing to a few years of identity theft watch, schedule regular pulls of his credit report watching for new plastic, checking accounts, and loans in his name, etc. The ssn by itself has some limits on abuse, but combined with the information on the hard drive (mother's maiden name, address, workplace, etc) it greatly magnifies the risk because it's going to allow additional verification of identity that a lot of places require.
After that, get him a book or something on how to be less of a sucker on the internet and in the world in general, or he'll just do it to himself again.
This could hound him for years to come. Make sure he understands that. If someone DOES manage to take out say, a loan or a card on his ssn, he needs to deal with it swiftly and decisively. Banks and similar organizations are notorious for not wanting to be the fall guy in cases like this, and will often try very hard to stick your dad with some or all of the bill. Don't be terribly surprised if something requires a lawyer to fix or clear off his record.
Re: (Score:3)
Simply put, it's used like one. It shouldn't be, but it is. Having someone's Name, address, DoB, and SSN is often enough to get credit in someone's name. Name and address are often very easy to get. Date of birth is sometimes very easy to get. SSNs are often hard. Comparatively, anyway. Many companies are happy to assume that if you know Joe Schmoe's SSN, you must be Joe Schmoe and give you credit in his name. When the real Mr. Schmoe stands up and tries to disclaim the debt, the issuer will try ver
Here's an idea (Score:2)
Back up just his data then blow away windows entirely and upgrade him to Linux.
Not only is Linux more secure than Windows anyway, but if his recovered data includes places where viruses can hide (such as any Microsoft Office files or PDF files) then they most likely wouldn't be able to do harm or even run in that environment either.
Nuke it from orbit (Score:2)
dd if=/dev/zero of=/dev/sda bs=1M
MS says reinstall (Score:4, Informative)
According to Microsoft's 10 Immutable Laws of Security [microsoft.com], "it's not your computer anymore" and you need to revert to a known-good state. This generally translates into a complete restore from backups or a reinstall. If you have a spare drive, it's probably easiest to just save an entire image of the bad drive (just to make sure you don't lose anything) and do a complete wipe. You can recover any needed data from the backup image (just be careful not to actually run any apps from that backup). A current AV installed on the fresh rebuild may be able to help remove some of the junk from the backup image as well, just make sure it doesn't accidentally "clean up" anything important. That should fix the PC itself, but there are other things you may want to consider as well (as suggested by others here).
Your dad may need some training/assistance regarding finances and private info. You'll want to reset any accounts that were accessed via the tainted PC (and any others you think could have been compromised by the infected PC). If he doesn't specifically need Windows, changing to Ubuntu or similar can inherently stop Windows-specific malware (including crap from well-meaning but incompetent remote techs, e.g. unnecessary software from the ISP). I set a previous girlfriend up with a laptop running Ubuntu, and was able to find Linux versions of pretty much any app she needed for what she wanted to do (web browser, office suite, iPod software, etc.). Linux may not do everything he needs, and it won't stop phone-based social engineering, but it can go a long way to help against malware.
Social Security number (Score:4, Insightful)
Why is giving out his SS number such an awfully bad thing? From what I've read [wikipedia.org], it's no secret, but rather the contrary. It's just misassumed that the SS number should be secret.
Really, really? (Score:2)
So.... what happens when these scammers call someone who actually knows something about computers, or runs a Macintosh, or runs Linux? Or are these scammers only targeting retirement communities, because an awful lot of people these days are computer literate. And many kids aren't even running PCs anymore, they are using tablets.
Re: (Score:2)
So.... what happens when these scammers call someone who actually knows something about computers, or runs a Macintosh, or runs Linux?
He keeps them talking and sets up an instant honeypot to study their modus operandi. [slashdot.org]
Seriously though, you don't need a huge success rate for this to be a profitable endeavour. That guy was an unusual case -- I imagine that it usually takes about thirty seconds to figure out that your target is unsuitable, at which point you hang up and move to the next phone book entry.
personal and technical responses (Score:2, Insightful)
There's (at least) two sides to this:
Personal:
Credit agencies: So, this is a tech site, but before getting down-and-dirty with trying to fix his computer I would strongly suggest contacting the credit bureaus and put a hold on things. This will protect him from someone trying to open a new credit account in his name.
Credit cards and Banks: Depending on your level of paranoia, have him contact his credit card companies and banks and ask them to issue new cards. Of course, that may in turn require updat
Bigger problem (Score:3)
A hacker (or spammer) with access to the PC is probably only a minor inconvenience in the scheme of life; identity theft could be devastating for years to come!
As far as the computer goes, many have already answered that a format and reinstall of the OS is a good cure, and really isn't very hard to do.
Re: (Score:2)
Re: (Score:3)
Re: (Score:2)
4k block size will still take quite a while due to all the overhead. Bump it up to 1024000 for a wipe that will move at much closer to the speed of the interface.
Re: (Score:3)
Why do people think that?
Because many, many, many organizations treat it exactly like it's a password. You are very right that it should NEVER be treated as an authenticator. You are very wrong that it ISN'T treated as exactly that.
Re: (Score:2)
The windows CDs now contain a "recovery" console that copies required-to-boot files back into the install.
It works pretty well, I was quite surprised when I used it the first time, and it's been a great help (as in, saving time) several times.
That said, any compromised machine still needs to be wiped, but the damage they did by deleting files isn't unrecoverable. So, if you need to walk someone through it on a phone or something it may be worthwhile to know.
Re: (Score:2)
Re: (Score:3)
yup.. Even on the XP to Ubuntu upgrades I do, the default Ubuntu sudo for the users account is removed.. In other words, they CANNOT do ANY root-ish thing.. yeah I know, a bit more work for me, which is why I have Teamviewer on each system AND a user account for me which has the sudo creds.. I determine when setting up the machine what things the user is most likely going to need that will trigger a gksu dialog and add the user to those groups, and pre-install most of the apps the user will need from the re
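The restricted-account advice earlier in the thread ("set up his account so that it is a restricted user account, not an admin account") and this comment's removal of the user's sudo rights on Ubuntu, as one added shell example that is not from the thread or any poster. It audits whether an account can reach root through group membership and, when run as root, creates or strips the account down to a non-admin one. The group names are an assumption (sudo and admin on Debian/Ubuntu, wheel on Fedora/RHEL); adjust ADMIN_GROUPS for the distribution, and note it does not cover per-user rules in /etc/sudoers or /etc/sudoers.d.

```shell
#!/bin/sh
# Added example, not from the thread: audit and enforce a non-admin Linux account.
# ADMIN_GROUPS is an assumption about which groups a distribution maps to root access.
ADMIN_GROUPS="sudo admin wheel"

# groups_grant_admin "grp1 grp2 ...": succeeds (0) if any listed group can reach root
groups_grant_admin() {
    for g in $1; do
        for a in $ADMIN_GROUPS; do
            [ "$g" = "$a" ] && return 0
        done
    done
    return 1
}

# account_is_restricted USER: succeeds if the account's real group list holds no admin group;
# an unknown account counts as not verified (fails)
account_is_restricted() {
    _groups=$(id -nG "$1" 2>/dev/null) || return 1
    if groups_grant_admin "$_groups"; then return 1; fi
    return 0
}

# make_restricted_user USER (root only): create the account if needed, then remove it
# from every admin-capable group so no gksu/sudo prompt can ever succeed for it
make_restricted_user() {
    [ "$(id -u)" -eq 0 ] || { echo "make_restricted_user: run as root" >&2; return 2; }
    id "$1" >/dev/null 2>&1 || useradd -m -s /bin/bash "$1"
    for a in $ADMIN_GROUPS; do
        gpasswd -d "$1" "$a" >/dev/null 2>&1   # "not a member" errors are expected and ignored
    done
    account_is_restricted "$1"
}

# Demo: sh this_script.sh --check  reports on the invoking user
if [ "${1:-}" = "--check" ]; then
    me=$(id -un)
    if account_is_restricted "$me"; then
        echo "$me: restricted (no admin-capable groups)"
    else
        echo "$me: can reach root via group membership"
    fi
fi
```

Keep a separate admin account for yourself (the commenter's approach) and run the check after every package install or "helpful" fix, since installers and desktop tools occasionally add the logged-in user back to the sudo group.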
Re: (Score:3)
How about establishing laws such that if some idiot bank gives credit to some random in my name, the default legal position is that the debt is invalid and does not attach to me merely by my denying I opened it. Require the issuer to have actual PROOF that the debt is mine before they can say word one to me (or my credit report) about it.
The credit industry has s